from the that's-not-what-the-law-says? dept

In the past, law professor Eric Goldman has suggested that when it comes to infringing content, courts have an uncanny ability to ignore the actual law, and make up their own rules in response to the belief that "infringement bad!" An ongoing lawsuit against Cloudflare seems to be a case in point. As covered by TorrentFreak, a judge has allowed a case against Cloudflare to move forward. However, in doing so, it seems clear that the judge is literally ignoring what the law says.

The case itself is... odd. In the complaint, two makers of bridal dresses are upset about the sale of counterfeits. Now, if we're talking about counterfeits, you'll probably think that this is a trademark lawsuit. But, no, Mon Cheri Bridals and Maggie Sottero Designs are trying to make a copyright case out of this, because they're arguing that sites selling counterfeits are using their copyright-protected photos to do so. And Cloudflare is, apparently, providing CDN services to these sites that are selling counterfeit dresses using allegedly infringing photographs. It is odd to go after Cloudflare. It is not the company selling counterfeit dresses. It is not the company hosting the websites of those selling counterfeit dresses. It is providing CDN services to them. This is like suing AT&T for providing phone service to a counterfeit mail order operation. But that's what's happening. From the complaint:

The photographic images of Plaintiffs’ dress designs are the lifeblood of
Plaintiffs’ advertising and marketing of their dress designs to the consuming public.
Plaintiffs invest hundreds of thousands of dollars each year in the development of
sophisticated marketing campaigns which involve the engagement of models and
photographers and the coordination of expensive photoshoots to capture the appropriate
“look” of the campaign for a particular line of dresses. Plaintiffs’ ability to market their
unique dress designs to consumers is driven largely by the images of their dresses which
appear on their websites and in other marketing materials.

Plaintiffs, along with other members of the formalwear industry, are the
victims of a massive Internet scheme to advertise and sell products using the copyrighted
images of their dresses. These Internet websites, including ones serviced by Cloudflare
which are the subject of this Complaint, have manufactured, imported, distributed, offered
for sale and sold counterfeit goods, including bridal gowns, social occasion dresses, prom
dresses and other formalwear using copyrighted images of Plaintiffs’ dresses, they continue
to do so to this day.

Again the legal violation here seems very, very far removed from Cloudflare, and yet it's Cloudflare these companies are suing. In response, Cloudflare submitted a fairly thorough and detailed motion to dismiss, highlighting how there's no actionable claim against Cloudflare.

The Court should dismiss this action for several reasons. First, the plaintiffs have not alleged facts that meet the standard for contributory infringement in the Supreme Court’s landmark case Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913, (2005), and the Ninth Circuit’s most recent restatement of its jurisprudence in Cobbler Nevada, LLC v. Gonzales, 901 F.3d 1142 (9thCir. 2018). The plaintiffs have not alleged that Cloudflare’s service is so devoted to infringement that it is incapable of substantial non-infringing use. Nor can the plaintiffs cure that defect by amendment: plaintiff Maggie Sottero Designs is a Cloudflare customer. Second, the plaintiffs cannot allege, or ever show, that Cloudflare has actively and intentionally encouraged its customers, by clear expression or other affirmative steps, to infringe upon the plaintiffs’ copyrights. No facts exist to support such a claim. For that reason, the plaintiffs allege only Cloudflare’s passivity in failing to terminate customers whom the plaintiffs accuse of being infringers. They cannot state a viable claim because the alleged inaction does not suffice to create contributory infringement liability.

That is all pretty important. But there's also a second defect in the complaint. It confuses the law.

The plaintiffs’ invocation of the Digital Millennium Copyright Act, 17 U.S.C. § 512, has no bearing on the contributory infringement claim for two reasons. First, the DMCA is relevant only as providing a remedies limitation after a determination of liability. There is no basis for Cloudflare’s liability to begin with. Second, the plaintiffs ground their irrelevant DMCA argument on a fatal error in their notifications of claimed infringement: they had in mind the wrong subsection of the DMCA, applicable only to hosting providers, instead of the subsection that applies to system caching providers like Cloudflare. They therefore failed to provide in the notifications additional elements that were necessary for Cloudflare. The plaintiffs cannot cure these defects in an amended pleading.

This all requires a bit of explanation. First, "contributory" infringement is a concept that is not technically in the statute, but was invented by the Supreme Court in the Grokster decision back in 2005. However, the Supreme Court made it clear that for their to be contributory infringement, the party in question had to take affirmative steps to encourage or induce the infringement. Here, the bridal dress companies make literally no attempt to show any such activity (perhaps because there was none).

Second, for Cloudflare to be engaged in contributory infringement, under the Betamax case, the dress companies would separately need to show that Cloudflare's service is incapable of substantial non-infringing uses (the standard that was used to declare the VCR legal). That's why the Cloudflare motion to dismiss notes that one of the plaintiffs is, in fact, a Cloudflare customer (and has been for years). That certainly goes a long way towards showing that the plaintiffs know that Cloudflare has substantial non-infringing uses.

The second part is even more bizarre. The DMCA's safe harbors in Section 512 of the law apply differently to different types of internet companies. Section (a) is for "transitory digital network communications" (i.e., internet access providers. Section (b) is for "system caching" (i.e., CDN providers). Section (c) is for providers of "information residing on systems or networks at direction of users" (i.e., hosting providers) and Section (d) is for "information location tools" (i.e., search engines). There are slightly different rules associated with each one.

I should note that it's a good thing that the drafters of the DMCA actually were cognizant enough of the different types of players here. As I noted just recently, things get really funky when policymakers and courts fail to distinguish between different providers of different services. And here, the judge doesn't even seem to care.

From the above list, you'll see that it's pretty clear that Cloudflare is covered under section (b) as it's providing CDN services to the sites in question. Oddly, however, the "takedown notice" that the bridal dress companies provide doesn't even appear to be addressed to Cloudflare and doesn't appear designated for Cloudflare at all. Indeed, it appears to be addressing a hosting provider. Not a CDN. In fact, in the letter, it references 512(c) and not 512(b) and talks about sites "your company hosts" (Cloudflare doesn't host any sites).

As Cloudflare explained to the court, everything about this is just wrong.

Moreover, while the plaintiffs claim that Cloudflare “failed to take the appropriate action required by law in response to these notices,” see Complaint ¶ 32, the plaintiffs neither offer sufficient facts about any communications nor allege facts showing what “appropriate action” Cloudflare was supposed to take, the failure of which would constitute clear expression or other affirmative steps to foster infringement.7 The sample communication the plaintiffs attach as Exhibit B does not contain any reference to Cloudflare at all; the language suggests that the plaintiffs’ agent directed the communication to a hosting service, not a provider of pass-through and caching services such as Cloudflare: “please be advised that this message serves as the 4th formal notice under the DMCA that a website that your company hosts . . . is illegally duplicating and reproducing at least one copyrighted work . . . .” Dkt. 1-2 (emphasis added). The communication also identifies itself explicitly as a notification “under Section 512(c) . . . .” But Cloudflare is a system caching provider under section 512(b), not a hosting provider under section 512(c), and notifications of claimed infringement under section 512(b) require essential additional information that Exhibit B lacks. See 17 U.S.C. § 512(b)(2)(E)(ii) (requiring statement that the source website of the cached material has removed or disabled access to it at the source or that a court has ordered it to do so). The information in Exhibit B is thus irrelevant to Cloudflare. Because the plaintiffs identified Exhibit B as a sample of their communications, they cannot cure a pervasive defect in both their communications and their allegations that rely upon those communications.

This is actually a pretty big deal. Other courts have tossed out DMCA cases entirely for deficient notices.

Finally, one other element in this case. It was originally filed in the Central District of California, but along the way got moved to the Northern District. Along with the move, the bridal dress companies filed an amended complaint, in which they tried to fix some of the many deficiencies in the original, and this just gave Cloudflare a second chance to explain why the whole thing was nonsense. In this motion, Cloudflare dives deep on the difference between the different parts of DMCA 512 and what it covers:

The core defect of the plaintiffs’ case is their misunderstanding of the significant difference between web hosting services, which Cloudflare does not provide, and Internet security and website optimization services, which Cloudflare does provide. (Cloudflare explains its services more fully below.) The plaintiffs cannot allege that their notifications of claimed infringement were adequate for Cloudflare or that Cloudflare failed to take any simple measures that were available in the face of their communications... which the plaintiffs describe as a “sample” of “takedown notices” they sent to Cloudflare, lays bare the plaintiffs’ error.... The notice does not refer to Cloudflare. It simply identifies an (allegedly) “infringing domain,” speaks “To Whom it May Concern,” and then discusses “a website that your company hosts.” ... The exhibit also expressly references section 512(c) of the Digital Millennium Copyright Act (DMCA), a provision that relates to web hosting services and not to Cloudflare’s services. See 17 U.S.C. § 512(c). It thus fails to contain additional information that is necessary for notifications of claimed infringement to services like Cloudflare under 17 U.S.C. § 512(b)(2)(E). The amended complaint repeatedly makes clear that Cloudflare provides services to websites, which use other hosting services. Cloudflare does not itself host its customers’ websites.

In responding to this, the lawyer for the dress makers simply doubles down on the false claim that Cloudflare is hosting the content. It's... quite incredible. Also, the dress makers try to get around the lack of inducement by saying that the actual standard is "material contribution" and not "inducement."

In a clever sleight of hand, Cloudflare tries to sidestep the fact that it stores client website content, including infringing content, on its data servers in order to provide internet users with quicker, safer access to the infringing content. Ignoring the settled law which distinguishes between the “inducement” and “material contribution” pillars of contribution liability, Cloudflare conflates these two pillars in arguing that Plaintiffs’ claims, which are based only on the material contribution theory of contributory copyright infringement, do not satisfy the more demanding standard used to evaluate the inducement theory for contributory infringement. Cloudflare’s entire motion is therefore a strawman.

Except, literally all of that is wrong. This is not a question of different interpretations or different ways of looking at the law. This argument is just wrong. Indeed, as Cloudflare pointed out to the judge in response, the "material contribution" standard was used before Grokster in the 9th Circuit, but since that ruling came down, the 9th Circuit (as instructed by the Supreme Court in Grokster) now says that the proper test is whether or not there was inducement:

Before Grokster, the Ninth Circuit’s standard included “material contribution” language, but the Ninth Circuit has since conformed its standard to the Supreme Court’s teaching. (“Our tests for contributory liability are consistent with the rule set forth in Grokster.”) There is no third category of contributory infringement beyond what the Supreme Court articulated....

[....]

Material contribution is not a separate “theory” of contributory infringement but instead a way of characterizing imputed intent.

There is so much about this case that is just... bizarre and ridiculous. And yet, the judge basically shrugs about all of this and says the case may continue. And, incredibly, he gives no real reasons why other than basically saying that the (very wrong) arguments of the bridal dress shops are correct. The entire order denying the motion to dismiss is three paragraphs. Literally, that is it.

Cloudflare’s main argument – that contributory liability cannot be based on a defendant’s knowledge of infringing conduct and continued material contribution to it – is wrong. See Perfect 10, Inc. v. Visa Int’l Serv., Ass’n, 494 F.3d 788, 795 (9th Cir. 2007) (“[O]ne contributorily infringes when he (1) has knowledge of another’s infringement and (2) either (a) materially contributes to or (b) induces that infringement.”); see also Perfect 10, Inc. v. Giganews, Inc., 847 F.3d 657, 671 (9th Cir. 2017) (“[A] computer system operator is liable under a material contribution theory of infringement if it has actual knowledge that specific infringing material is available using its system, and can take simple measures to prevent further damage to copyrighted works, yet continues to provide access to infringing works.” (internal quotations and italics omitted)). Allegations that Cloudflare knew its customer-websites displayed infringing material and continued to provide those websites with faster load times and concealed identities are sufficient to state a claim.

2. The notices allegedly sent by the plaintiffs gave Cloudflare specific information, including a link to the offending website and a link to the underlying copyrighted material, to plausibly allege that Cloudflare had actual knowledge of the infringing activity. This is sufficient, at least at the pleading stage. A prior judicial determination of infringement was unnecessary.

3. Cloudflare’s challenge to the sufficiency of the notices under 17 U.S.C. section 512 is misplaced. Section 512 limits available relief based on certain safe harbors. Cloudflare has not shown that its conduct should be considered under one safe harbor rather than under another safe harbor (and thus has not shown that the alleged notice would need to be formatted in one way rather than another). In any event, this issue is neither dispositive to the action nor appropriate for resolution at this stage of the case.

This... is, again, simply incorrect. It completely misreads the law and previous cases. Paragraph three here is the most troubling of all. As noted above, Cloudflare is not a hosting service. It is not relying on the 512(c) safe harbors, but the 512(b) safe harbors, because it is a 512(b) service. And the judge literally ignores that and says that the company "has not shown that its conduct should be considered under one safe harbor rather than under another safe harbor" even though that's exactly what its filings repeatedly do.

I'm at a near total loss as to how the judge made this decision, because it is so far outside what the statute and case law (especially in the 9th circuit) say, that I can only conclude he decided to go with Eric Goldman's concept that when there's some infringement somewhere, all precedent and the letter of the law go out the window.